Month: August 2012

Post navigation

Customer had hired a Consultant to originally setup their Exchange 2007 environment and now their Certificate had expired. Was originally setup to use their 2008 Enterprise CA so customer not only did not know how to generate the request from within Exchange but also did not know how to submit it to their own CA (I know).

Now with a 2003 CA I would just generate the certificate request from within Exchange Management Shell then Browse to http://CA-Name/CertSRV> Click Request a Certificate>Advanced Certificate Request>Submit a Certificate Request by Using a Base-64…..>Then select “Web Server” from the Certificate Template drop-down (Figure 1).

However, on a 2008 CA you do not have the option for Web Server (Figure 2)

This obviously makes it difficult to use the old familiar web-based interface to request your certificate. I believe these additional templates were removed from /CertSRV by default due to security reasons but I have yet to confirm.

Resolution:

So in this case I just needed to generate the certificate request on 2007, copy the .req file to my CA, and use the certreq.exe utility on the CA to process the request. The commands for the request are as follows:

Depending on the settings of your CA this request may be auto approved (in which case the .cer file will be located in your current working directory in Command-Prompt; or just specify a path in the command) or you may need to approve it. You can do this either by launching the Certificate Authority MMC snap-in and going to “Pending Requests” or using the following command:

Certreq.exe –accept NewCertName.cer

Once you get the cert file just import it using Exchange Management Shell (if 2007; I usually recommend the GUI Wizard in 2010).

If you choose to use the command line method on a 2003 CA then you may have to go through the following article

In searching to see if anyone else had published these steps I ran across the blog of Jeff Schertz. I’ve been to his blog before and always find great content. Here’s the referenced post but check out some of his other great articles; specifically for Lync.

Edit: Check this post if you receive a “Certificate Not Issued (Incomplete)” message via command prompt.

Tools

I’m happy to announce a significant update to our scalability guidance for Exchange 2016. Effective immediately, we are increasing our maximum recommended memory for deployments of Exchange 2016 from 96 GB to 192 GB. This change is now reflected within our Exchange 2016 Sizing Guidance, as well as the latest release of the Exchange Server...

Over the last few months, we ran a TAP Program where our customers tested the batch migration process to move their public folders (both online and on-premises) to Office 365 Groups. We want to thank all of the customers who helped us out with the testing by sharing their experiences with us. The TAP program...